CVSS: 8.4EPSS: 0%CPEs: 35EXPL: 0CVE-2016-2857 – Qemu: net: out of bounds read in net_checksum_calculate()
https://notcve.org/view.php?id=CVE-2016-2857
08 Apr 2016 — The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet. La función net_checksum_calculate en net/checksum.c en QEMU permite a usuarios del SO invitado provocar una denegación de servicio (lectura de memoria dinámica fuera de rango y caída) a través de una longitud de la carga útil en un paquete manipulado. An out-of-bounds read-access flaw was found in the QEMU emula... • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=362786f14a753d8a5256ef97d7c10ed576d6572b • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2016-2858 – Ubuntu Security Notice USN-2974-1
https://notcve.org/view.php?id=CVE-2016-2858
04 Apr 2016 — QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption. QEMU, cuando está construido con el soporte back-end Pseudo Random Number Generator (PRNG), permite a usuarios locales del SO invitado provocar una denegación de servicio (caída del proceso) a través una petición de entropía, lo que desencadena una asignación ar... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=60253ed1e6ec6d8e5ef2efe7bf755f475dce9956 • CWE-331: Insufficient Entropy •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2392 – Ubuntu Security Notice USN-2974-1
https://notcve.org/view.php?id=CVE-2016-2392
04 Apr 2016 — The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet. La función is_rndis en el dispositivo de emulación USB Net (hw/usb/dev-network.c) en QEMU en versiones anteriores a 2.5.1 no valida correctamente objetos descriptores d... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=80eecda8e5d09c442c24307f340840a5b70ea3b9 •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-2538 – Ubuntu Security Notice USN-2974-1
https://notcve.org/view.php?id=CVE-2016-2538
04 Apr 2016 — Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function. Múltiples vulnerabilidades de desbordamiento de entero en el dispositivo de emulación USB Net (hw/usb/dev-network.c) en QEM... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fe3c546c5ff2a6210f9a4d8561cc64051ca8603e • CWE-189: Numeric Errors •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8701 – Gentoo Linux Security Advisory 201602-01
https://notcve.org/view.php?id=CVE-2015-8701
04 Feb 2016 — QEMU (aka Quick Emulator) built with the Rocker switch emulation support is vulnerable to an off-by-one error. It happens while processing transmit (tx) descriptors in 'tx_consume' routine, if a descriptor was to have more than allowed (ROCKER_TX_FRAGS_MAX=16) fragments. A privileged user inside guest could use this flaw to cause memory leakage on the host or crash the QEMU process instance resulting in DoS issue. QEMU (también conocido como Quick Emulator) construido con el soporte de emulación switch Rock... • http://www.openwall.com/lists/oss-security/2015/12/28/6 • CWE-193: Off-by-one Error •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2015-8504 – Debian Security Advisory 3470-1
https://notcve.org/view.php?id=CVE-2015-8504
03 Feb 2016 — Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client. Qemu, cuando se construye con soporte de controlador de pantalla VNC, permite a atacantes remotos provocar una denegación de servicio (excepción aritmética y caída de aplicación) a través de mensajes SetPixelFormat manipulados desde un cliente. Qinghao Tang discovered that QEMU incorrectly handled PCI MSI-X supp... • http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=4c65fed8bdf96780735dbdb92a8 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-8558 – Debian Security Advisory 3470-1
https://notcve.org/view.php?id=CVE-2015-8558
03 Feb 2016 — The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list. La función ehci_process_itd en hw/usb/hcd-ehci.c en QEMU permite a administradores de SO locales invitados provocar una denegación de servicio (bucle infinito y consumo de CPU) a través de una lista iTD (de descriptor de transferencia isócrona) circular. Qinghao Tang discovered that QEMU inc... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=156a2e4dbffa85997636a7a39ef12da6f1b40254 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.7EPSS: 0%CPEs: 19EXPL: 0CVE-2015-8567 – Gentoo Linux Security Advisory 201602-01
https://notcve.org/view.php?id=CVE-2015-8567
03 Feb 2016 — Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). La pérdida de memoria en net/vmxnet3.c en QEMU permite a atacantes remotos provocar una denegación de servicio (consumo de memoria). Qinghao Tang discovered that QEMU incorrectly handled PCI MSI-X support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176503.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-8568 – Gentoo Linux Security Advisory 201602-01
https://notcve.org/view.php?id=CVE-2015-8568
03 Feb 2016 — Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly. La pérdida de memoria en QEMU, cuando se construye con un VMWARE VMXNET3 paravirtual NIC emulador de soporte, permite a los usuarios locales invitados a provocar una denegación de servicio (consumo de memoria del host) al intentar activar el dispositivo vmxnet3 repetidamente. Qinghao Tang d... • http://www.debian.org/security/2016/dsa-3471 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-8613 – Ubuntu Security Notice USN-2891-1
https://notcve.org/view.php?id=CVE-2015-8613
03 Feb 2016 — Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command. El desbordamiento de búfer basado en la pila en la función megasas_ctrl_get_info en QEMU, cuando se construye con el soporte de emulación SCSI MegaRAID SAS HBA, permite a los usuarios locales invitados provocar una denegación de servicio (caída de ins... • http://www.debian.org/security/2016/dsa-3471 • CWE-787: Out-of-bounds Write •